Biggest Crypto Heist in History Sees Funds Laundered Through THORChain
A hacker responsible for the largest cryptocurrency theft in history has successfully laundered 100% of the stolen funds, amounting to over $1.04 billion, within just 10 days. Despite this, blockchain security firms remain hopeful that some assets may still be recovered.
The attack, which took place on 21 February, saw over $1.4 billion worth of liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens stolen from Bybit, making it the largest crypto exploit to date.
Funds Moved Through Decentralised Cross-Chain Protocols
Blockchain security firm Lookonchain reported on 4 March that the hacker had moved all 499,395 stolen Ether (ETH), now valued at approximately $1.04 billion, primarily via THORChain, a decentralised cross-chain liquidity protocol.
“The Bybit hacker has laundered all the stolen 499,395 ETH ($1.04B currently), mainly through THORChain,” Lookonchain stated in a post on X.
Multiple blockchain analytics firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the prime suspect behind the attack. This comes just two months after South Korean authorities sanctioned 15 North Koreans for allegedly financing the country’s nuclear weapons programme through cryptocurrency theft and cybercrime.
Hope for Partial Recovery of Stolen Assets
Despite the sophisticated laundering process, blockchain security experts believe that some funds may still be traceable and potentially recoverable.
Deddy Lavid, co-founder and CEO of blockchain security firm Cyvers, explained that while techniques such as mixers and cross-chain swaps complicate asset recovery, there are still opportunities to track and freeze portions of the stolen funds.
“While laundering through mixers and cross-chain swaps complicates recovery, cybersecurity firms leveraging on-chain intelligence, AI-driven models, and collaboration with exchanges and regulators still have small opportunities to trace and potentially freeze assets,” Lavid said.
He emphasised the importance of a rapid response in such cases, warning that once stolen funds are deeply obfuscated, recovery becomes significantly more challenging.
Bybit CEO Confirms Fund Tracing Efforts
On 4 March, Bybit CEO Ben Zhou confirmed that around 77% of the stolen funds remain traceable, though over $280 million has effectively “gone dark.” Meanwhile, 3% of the stolen assets have already been frozen.
Despite the significant financial setback, Bybit reassured its customers by fully replacing the stolen $1.4 billion in Ether by 24 February—just three days after the attack. The exchange has continued to honour withdrawals, ensuring users are not affected by the breach.
Emerging Security Solutions to Prevent Future Attacks
In response to the growing threat of cyber theft in the crypto industry, blockchain security firms like Cyvers are developing pre-emptive measures to prevent similar attacks in the future.
One emerging solution, known as offchain transaction validation, has the potential to prevent 99% of crypto hacks and scams by simulating and validating blockchain transactions in an offchain environment before they are executed on-chain.
Michael Pearl, vice president of GTM strategy at Cyvers, highlighted the significance of such measures in reducing the risk of large-scale exploits.
With the increasing sophistication of cybercriminals, the need for robust blockchain security measures has never been more urgent. While the Bybit hacker may have successfully laundered the majority of the stolen funds, the case serves as a stark reminder of the vulnerabilities that still exist in the cryptocurrency space.
